WhatsApp vulnerability allows hackers to install spyware on your phone with one call

Facebook shared a security advisory on Monday, May 13th warning WhatsApp users that an “advanced cyber actor” has been spreading spyware through the app by taking advantage of a buffer overflow vulnerability. All that it took to install the spyware on a target’s phone was calling them through the WhatsApp mobile app.

It is important to keep your apps and smartphone up to date to keep them secure from cyber attacks and bugs.

Here are all of the versions of the app which was affected, according to WhatsApp’s advisory:

WhatsApp for iOS prior to v2.19.51

WhatsApp for Android prior to v2.19.134

WhatsApp Business for iOS prior to v2.19.51

WhatsApp Business for Android prior to v2.19.44

WhatsApp for Windows Phone prior to v2.18.348

It’s developed by Israeli technology firm NSO Group, which has been in the news sporadically in recent years.

The vulnerability indication primarily discovered this month, it was in use last Sunday, according to Citizen Lab:

WhatsApp has just pushed out updates to close a vulnerability. We believe an attacker tried (and was blocked by WhatsApp) to exploit it as recently as yesterday to target a human rights lawyer. Now is a great time to update your WhatsApp software https://t.co/pJvjFMy2awhttps://t.co/e8VQUraZWQ

“This attack has all the hallmarks of a private company known to work with governments to deliver spyware that reportedly takes over the functions of mobile phone operating systems,” WhatsApp told the Financial Times when asked about the hack on Monday evening. “We have briefed a number of human rights organizations to share the information we can, and to work with them to notify civil society.”

As for NSO, a spokesman for the firm says that it “would not, or could not” use its Pegasus spyware to target “any person or organisation.” That may well be true, but someone is using it for nefarious purposes.